-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathalcatel_backdoor_switch.nasl
90 lines (78 loc) · 3.26 KB
/
alcatel_backdoor_switch.nasl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
###############################################################################
# OpenVAS Vulnerability Test
# $Id: alcatel_backdoor_switch.nasl 11636 2018-09-27 06:20:03Z cfischer $
#
# Alcatel OmniSwitch 7700/7800 switches backdoor
#
# Authors:
# deepquest <[email protected]>
# Modifications by rd:
# - added ref: http://www.cert.org/advisories/CA-2002-32.html
# - removed leftovers in the code (send(raw_string(0, 0))
# - added the use of telnet_init()
# - replaced open_sock_udp by open_sock_tcp()
# - added script id
# - attributed copyright properly to deepquest
# - merged some ideas from Georges Dagousset <[email protected]>
# who wrote a duplicate of this script
#
# Copyright:
# Copyright (C) 2002 deepquest
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.11170");
script_version("$Revision: 11636 $");
script_tag(name:"last_modification", value:"$Date: 2018-09-27 08:20:03 +0200 (Thu, 27 Sep 2018) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_bugtraq_id(6220);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2002-1272");
script_name("Alcatel OmniSwitch 7700/7800 switches backdoor");
script_category(ACT_GATHER_INFO);
script_copyright("This script is Copyright (c) 2002 deepquest");
script_family("Malware");
script_dependencies("find_service.nasl");
script_require_ports(6778);
script_xref(name:"URL", value:"http://www.cert.org/advisories/CA-2002-32.html");
script_tag(name:"solution", value:"Block access to port 6778/TCP or update to
AOS 5.1.1.R02 or AOS 5.1.1.R03.");
script_tag(name:"summary", value:"The remote host seems to be a backdoored
Alcatel OmniSwitch 7700/7800.");
script_tag(name:"impact", value:"An attacker can gain full access to any device
running AOS version 5.1.1, which can result in, but is not limited to,
unauthorized access, unauthorized monitoring, information leakage,
or denial of service.");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("telnet_func.inc");
include("misc_func.inc");
port = 6778;
p = known_service( port:port );
if( p && p != "telnet" && p != "aos" ) exit( 0 );
if( ! get_port_state( port ) ) exit( 0 );
soc = open_sock_tcp( port );
if( ! soc ) exit( 0 );
data = get_telnet_banner( port:port );
if( data ) {
security_message( port:port, data:'Banner:\n' + data );
register_service( port:port, proto:"aos" );
exit( 0 );
}
exit( 99 );